Build HTTP/3 and eBPF enabled nghttpx with Dockerfile

This commit is contained in:
Tatsuhiro Tsujikawa 2021-09-18 17:59:09 +09:00
parent 9a6b623c25
commit be88846972
3 changed files with 100 additions and 39 deletions

75
docker/Dockerfile Normal file
View File

@ -0,0 +1,75 @@
FROM debian:11 as build
RUN apt-get update && \
apt-get install -y --no-install-recommends \
git clang make binutils autoconf automake autotools-dev libtool \
pkg-config \
zlib1g-dev libev-dev libjemalloc-dev ruby-dev libc-ares-dev bison \
libelf-dev
RUN git clone --depth 1 -b openssl-3.0.0+quic https://github.com/quictls/openssl && \
cd openssl && \
./config --openssldir=/etc/ssl && \
make -j$(nproc) && \
make install_sw && \
cd .. && \
rm -rf openssl
RUN git clone --depth 1 https://github.com/ngtcp2/nghttp3 && \
cd nghttp3 && \
autoreconf -i && \
./configure --enable-lib-only && \
make -j$(nproc) && \
make install-strip && \
cd .. && \
rm -rf nghttp3
RUN git clone --depth 1 https://github.com/ngtcp2/ngtcp2 && \
cd ngtcp2 && \
autoreconf -i && \
./configure --enable-lib-only \
LIBTOOL_LDFLAGS="-static-libtool-libs" \
OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -lpthread" \
PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig" && \
make -j$(nproc) && \
make install-strip && \
cd .. && \
rm -rf ngtcp2
RUN git clone --depth 1 -b v0.4.0 https://github.com/libbpf/libbpf && \
cd libbpf && \
PREFIX=/usr/local make -C src install && \
cd .. && \
rm -rf libbpf
RUN git clone --depth 1 https://github.com/nghttp2/nghttp2.git && \
cd nghttp2 && \
git submodule update --init && \
autoreconf -i && \
./configure --disable-examples --disable-hpack-tools \
--disable-python-bindings --with-mruby --with-neverbleed \
--enable-http3 --with-libbpf \
CC=clang CXX=clang++ \
LIBTOOL_LDFLAGS="-static-libtool-libs" \
OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -pthread" \
LIBEV_LIBS="-l:libev.a" \
JEMALLOC_LIBS="-l:libjemalloc.a" \
LIBCARES_LIBS="-l:libcares.a" \
ZLIB_LIBS="-l:libz.a" \
LIBBPF_LIBS="-L/usr/local/lib64 -l:libbpf.a -l:libelf.a" \
LDFLAGS="-static-libgcc -static-libstdc++" \
PKG_CONFIG_PATH="/usr/local/lib64/pkgconfig" && \
make -j$(nproc) install-strip && \
cd .. && \
rm -rf nghttp2
FROM gcr.io/distroless/base-debian11
COPY --from=build \
/usr/local/bin/h2load \
/usr/local/bin/nghttpx \
/usr/local/bin/nghttp \
/usr/local/bin/nghttpd \
/usr/local/bin/
COPY --from=build /usr/local/lib/nghttp2/reuseport_kern.o \
/usr/local/lib/nghttp2/

View File

@ -1,39 +0,0 @@
FROM debian:10 as build
RUN apt-get update && \
apt-get install -y --no-install-recommends \
git g++ make binutils autoconf automake autotools-dev libtool \
pkg-config \
zlib1g-dev libev-dev libjemalloc-dev ruby-dev libc-ares-dev bison && \
git clone --depth 1 -b OpenSSL_1_1_1l+quic https://github.com/quictls/openssl && \
cd openssl && ./config enable-tls1_3 --openssldir=/etc/ssl && make -j$(nproc) && make install_sw && cd .. && rm -rf openssl && \
git clone --depth 1 https://github.com/ngtcp2/nghttp3 && \
cd nghttp3 && autoreconf -i && \
./configure --enable-lib-only && \
make -j$(nproc) && make install-strip && cd .. && rm -rf nghttp3 && \
git clone --depth 1 https://github.com/ngtcp2/ngtcp2 && \
cd ngtcp2 && autoreconf -i && \
./configure --enable-lib-only \
LIBTOOL_LDFLAGS="-static-libtool-libs" \
OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a -ldl -lpthread" && \
make -j$(nproc) && make install-strip && cd .. && rm -rf ngtcp2 && \
git clone --depth 1 https://github.com/nghttp2/nghttp2.git && \
cd nghttp2 && \
git submodule update --init && autoreconf -i && \
./configure --disable-examples --disable-hpack-tools \
--disable-python-bindings --with-mruby --with-neverbleed \
--enable-http3 \
LIBTOOL_LDFLAGS="-static-libtool-libs" \
LIBS="-ldl -pthread" \
OPENSSL_LIBS="-l:libssl.a -l:libcrypto.a" \
LIBEV_LIBS="-l:libev.a" \
JEMALLOC_LIBS="-l:libjemalloc.a" \
LIBCARES_LIBS="-l:libcares.a" \
ZLIB_LIBS="-l:libz.a" && \
make -j$(nproc) install-strip
FROM gcr.io/distroless/cc-debian10
COPY --from=build /usr/local/bin/h2load /usr/local/bin/
ENTRYPOINT ["/usr/local/bin/h2load"]

25
docker/README.rst Normal file
View File

@ -0,0 +1,25 @@
Dockerfile
==========
Dockerfile creates the applications bundled with nghttp2.
These applications are:
- nghttp
- nghttpd
- nghttpx
- h2load
HTTP/3 and eBPF features are enabled.
In order to run nghttpx with HTTP/3 endpoint, you need to run the
image with the escalated privilege and higher memlock value. Here is
the example command-line to run nghttpx to listen to HTTP/3 on port
443, assuming that the current directory contains a private key and a
certificate in server.key and server.crt respectively :
.. code-block:: text
$ docker run --rm -it -v $PWD:/shared --net=host --privileged \
--ulimit memlock=2048000 nghttp2 nghttpx \
/shared/server.key /shared/server.crt \
-f'*,443;quic'